How to install SSL certificate for a domain?

From PheonixSolutions
Jump to navigation Jump to search

Before installing SSL certificate the following points needs to be verified

  1. An A record with “domainname” pointing to your server’s public IP address.

  2. An A record with “www.domainname” pointing to your server’s public IP address

  3. Separate virtual host configuration file (domainname.conf) for the particular domain under /etc/apache2/SItes-available/

Step1:- Installing Certbot 

apt install certbot python3-certbot-apache


Step 2:- Editing Apache Virtual Host Configuration file (.conf) 

vi /etc/apache2/sites-available/domainname.conf

ServerName domainname ServerAlias www.domainname

Step 3:- Validate the Virtual Host Configuration file (.conf) and reload apache2 to update the changes 

apache2ctl configtest

Syntax OK 

 systemctl reload apache2

Step 4:- Allowing HTTPS through the firewall (optional) 

ufw status

Status: active

To Action From

OpenSSH ALLOW Anywhere

Apache ALLOW Anywhere

OpenSSH (v6) ALLOW Anywhere (v6)

Apache (v6) ALLOW Anywhere (v6)


Step 5:- Allow HTTPS traffic to “Apache Full” profile and delete the redundant “Apache” profile 

ufw allow 'Apache Full'

ufw delete allow 'Apache'

Status: active To Action From OpenSSH ALLOW Anywhere Apache Full ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Apache Full (v6) ALLOW Anywhere (v6)

Step 6:- For obtaining an SSL Certificate run the below command 

certbot --apache

Step7:- To verify & test the certbot auto-renewal run the below command (optional) 

systemctl status certbot.timer

certbot renew --dry-run
Retrieved from "https://wiki.pheonixsolutions.com/index.php?title=How_to_install_SSL_certificate_for_a_domain%3F&oldid=1498"